From 1a8395f0a0ace193efd4200a00ee14fa11b6446a Mon Sep 17 00:00:00 2001 From: "gpt-engineer-app[bot]" <159125892+gpt-engineer-app[bot]@users.noreply.github.com> Date: Thu, 6 Nov 2025 21:23:29 +0000 Subject: [PATCH] Update documentation references Update remaining documentation files to remove references to the old approval flow and feature flags. --- docs/DEPLOYMENT.md | 2 +- docs/JSONB_ELIMINATION_COMPLETE.md | 7 ++++--- docs/PHASE_1_IMPLEMENTATION_SUMMARY.md | 4 ++-- docs/SECURITY_FIXES_P0.md | 10 +++++----- docs/SUBMISSION_FLOW.md | 5 +++-- docs/VALIDATION_CENTRALIZATION.md | 8 +++++--- docs/moderation/SUBMISSION_PATTERNS.md | 4 ++-- docs/versioning/MODERATION.md | 6 +++--- 8 files changed, 25 insertions(+), 21 deletions(-) diff --git a/docs/DEPLOYMENT.md b/docs/DEPLOYMENT.md index 7bd2f136..05608bd6 100644 --- a/docs/DEPLOYMENT.md +++ b/docs/DEPLOYMENT.md @@ -93,7 +93,7 @@ supabase functions deploy # Or deploy individually supabase functions deploy upload-image -supabase functions deploy process-selective-approval +supabase functions deploy process-selective-approval # Atomic transaction RPC # ... etc ``` diff --git a/docs/JSONB_ELIMINATION_COMPLETE.md b/docs/JSONB_ELIMINATION_COMPLETE.md index 275a5448..4ded2b86 100644 --- a/docs/JSONB_ELIMINATION_COMPLETE.md +++ b/docs/JSONB_ELIMINATION_COMPLETE.md @@ -21,11 +21,12 @@ All JSONB columns have been successfully eliminated from `submission_items`. The - **Dropped JSONB columns** (`item_data`, `original_data`) ### 2. Backend (Edge Functions) ✅ -Updated `process-selective-approval/index.ts`: +Updated `process-selective-approval/index.ts` (atomic transaction RPC): - Reads from relational tables via JOIN queries - Extracts typed data for park, ride, company, ride_model, and photo submissions - No more `item_data as any` casts - Proper type safety throughout +- Uses PostgreSQL transactions for atomic approval operations ### 3. Frontend ✅ Updated key files: @@ -122,8 +123,8 @@ const parkData = item.park_submission; // ✅ Fully typed - `supabase/migrations/20251103_data_migration.sql` - Migrated JSONB to relational - `supabase/migrations/20251103_drop_jsonb.sql` - Dropped JSONB columns -### Backend -- `supabase/functions/process-selective-approval/index.ts` - Reads relational data +### Backend (Edge Functions) +- `supabase/functions/process-selective-approval/index.ts` - Atomic transaction RPC reads relational data ### Frontend - `src/lib/submissionItemsService.ts` - Query joins, type transformations diff --git a/docs/PHASE_1_IMPLEMENTATION_SUMMARY.md b/docs/PHASE_1_IMPLEMENTATION_SUMMARY.md index ee5e1c10..4c01a074 100644 --- a/docs/PHASE_1_IMPLEMENTATION_SUMMARY.md +++ b/docs/PHASE_1_IMPLEMENTATION_SUMMARY.md @@ -20,7 +20,7 @@ Created and ran migration to: **Migration File**: Latest migration in `supabase/migrations/` ### 2. Edge Function Updates ✅ -Updated `process-selective-approval/index.ts` to handle relational data insertion: +Updated `process-selective-approval/index.ts` (atomic transaction RPC) to handle relational data insertion: **Changes Made**: ```typescript @@ -185,7 +185,7 @@ WHERE cs.stat_name = 'max_g_force' ### Backend (Supabase) - `supabase/migrations/[latest].sql` - Database schema updates -- `supabase/functions/process-selective-approval/index.ts` - Edge function logic +- `supabase/functions/process-selective-approval/index.ts` - Atomic transaction RPC edge function logic ### Frontend (Already Updated) - `src/hooks/useCoasterStats.ts` - Queries relational table diff --git a/docs/SECURITY_FIXES_P0.md b/docs/SECURITY_FIXES_P0.md index d4435105..9bfd6492 100644 --- a/docs/SECURITY_FIXES_P0.md +++ b/docs/SECURITY_FIXES_P0.md @@ -139,7 +139,7 @@ SELECT * FROM user_roles; -- Should return all roles ### Problem Public edge functions lacked rate limiting, allowing abuse: - `/upload-image` - Unlimited file upload requests -- `/process-selective-approval` - Unlimited moderation actions +- `/process-selective-approval` - Unlimited moderation actions (atomic transaction RPC) - Risk of DoS attacks and resource exhaustion ### Solution @@ -156,7 +156,7 @@ Created shared rate limiting middleware with multiple tiers: ### Files Modified - `supabase/functions/upload-image/index.ts` -- `supabase/functions/process-selective-approval/index.ts` +- `supabase/functions/process-selective-approval/index.ts` (atomic transaction RPC) ### Implementation @@ -171,12 +171,12 @@ serve(withRateLimit(async (req) => { }, uploadRateLimiter, corsHeaders)); ``` -#### Process-selective-approval (Per-user) +#### Process-selective-approval (Per-user, Atomic Transaction RPC) ```typescript const approvalRateLimiter = rateLimiters.perUser(10); // 10 req/min per moderator serve(withRateLimit(async (req) => { - // Existing logic + // Atomic transaction RPC logic }, approvalRateLimiter, corsHeaders)); ``` @@ -197,7 +197,7 @@ serve(withRateLimit(async (req) => { ### Verification ✅ Upload-image limited to 5 requests/minute -✅ Process-selective-approval limited to 10 requests/minute per moderator +✅ Process-selective-approval (atomic transaction RPC) limited to 10 requests/minute per moderator ✅ Detect-location already has rate limiting (10 req/min) ✅ Rate limit headers included in responses ✅ 429 responses include Retry-After header diff --git a/docs/SUBMISSION_FLOW.md b/docs/SUBMISSION_FLOW.md index 53ea398f..502e8c63 100644 --- a/docs/SUBMISSION_FLOW.md +++ b/docs/SUBMISSION_FLOW.md @@ -125,7 +125,7 @@ The following tables have explicit denial policies: ### Service Role Access Only these edge functions can write (they use service role): -- `process-selective-approval` - Applies approved submissions +- `process-selective-approval` - Applies approved submissions atomically (PostgreSQL transaction RPC) - Direct SQL migrations (admin only) ### Versioning Triggers @@ -232,8 +232,9 @@ A: Only in edge functions. Never in client-side code. Never for routine edits. - `src/lib/entitySubmissionHelpers.ts` - Core submission functions - `src/lib/entityFormValidation.ts` - Enforced wrappers -- `supabase/functions/process-selective-approval/index.ts` - Approval processor +- `supabase/functions/process-selective-approval/index.ts` - Atomic transaction RPC approval processor - `src/components/admin/*Form.tsx` - Form components using the flow +- `docs/ATOMIC_APPROVAL_TRANSACTIONS.md` - Atomic transaction RPC documentation ## Update History diff --git a/docs/VALIDATION_CENTRALIZATION.md b/docs/VALIDATION_CENTRALIZATION.md index c646fc0a..fe2650bc 100644 --- a/docs/VALIDATION_CENTRALIZATION.md +++ b/docs/VALIDATION_CENTRALIZATION.md @@ -88,9 +88,10 @@ This created several issues: #### 3. Edge Function (`supabase/functions/process-selective-approval/index.ts`) **No Changes Required:** -- Already has comprehensive validation via `validateEntityDataStrict()` +- Atomic transaction RPC approach already has comprehensive validation via `validateEntityDataStrict()` - Already returns proper 400 errors for validation failures - Already includes detailed error messages +- Validates within PostgreSQL transaction for data integrity ## Validation Responsibilities @@ -167,8 +168,9 @@ Expected: Edge function should return 400 error with detailed message, React sho If you need to add new validation rules: 1. ✅ **Add to edge function** (`process-selective-approval/index.ts`) - - Update `validateEntityDataStrict()` function + - Update `validateEntityDataStrict()` function within the atomic transaction RPC - Add to appropriate entity type case + - Ensure validation happens before any database writes 2. ✅ **Update documentation schemas** (`entityValidationSchemas.ts`) - Keep schemas in sync for reference @@ -176,7 +178,7 @@ If you need to add new validation rules: 3. ❌ **DO NOT add to React validation** - React should only do basic UX validation - - Business logic belongs in edge function + - Business logic belongs in edge function (atomic transaction) ## Related Issues diff --git a/docs/moderation/SUBMISSION_PATTERNS.md b/docs/moderation/SUBMISSION_PATTERNS.md index 0576d43d..835ad6c3 100644 --- a/docs/moderation/SUBMISSION_PATTERNS.md +++ b/docs/moderation/SUBMISSION_PATTERNS.md @@ -19,8 +19,8 @@ User Form → validateEntityData() → createSubmission() → content_submissions table → submission_items table (with dependencies) → Moderation Queue - → Approval → process-selective-approval edge function - → Live entities created + → Approval → process-selective-approval edge function (atomic transaction RPC) + → Live entities created (all-or-nothing via PostgreSQL transaction) ``` **Example:** diff --git a/docs/versioning/MODERATION.md b/docs/versioning/MODERATION.md index 47da8361..0395b05d 100644 --- a/docs/versioning/MODERATION.md +++ b/docs/versioning/MODERATION.md @@ -29,7 +29,7 @@ sequenceDiagram Note over UI: Moderator clicks "Approve" UI->>Edge: POST /process-selective-approval - Note over Edge: Edge function starts + Note over Edge: Atomic transaction RPC starts Edge->>Session: SET app.current_user_id = submitter_id Edge->>Session: SET app.submission_id = submission_id @@ -92,9 +92,9 @@ INSERT INTO park_submissions ( VALUES (...); ``` -### 3. Edge Function (process-selective-approval) +### 3. Edge Function (process-selective-approval - Atomic Transaction RPC) -Moderator approves submission, edge function orchestrates: +Moderator approves submission, edge function orchestrates with atomic PostgreSQL transactions: ```typescript // supabase/functions/process-selective-approval/index.ts